Cloud Life Cycle Management: Now That I Have It, How Do I Patch It?

The complexity associated with patching, service packs, hotfixes, upgrades and firmware updates, defined here as general life cycle activities, is nothing new to IT professionals. This has been an ongoing effort for many years now, and we have all come to expect that vendors will provide regular updates that include bug fixes, security patches and feature enhancements. We have all experienced that common call to technical support, only to be greeted by the phrase: “Are you running the most recent updates?” The cloud doesn’t change the need for these updates; it can, however, substantially simplify the process and reduce planned downtime.

Recently, I was working with a customer during a strategic planning session for their internal cloud, and I was asked, “How am I going to update the cloud?” This sparked some very interesting dialogue between the teams. Presently, they explained, the virtualization team works independently of the networking and storage teams when performing updates. The teams have only minor dialogue when planning, which often leads to confusion and problems during, and after, the updates. Performing updates in any of the infrastructure components usually results in planned downtime for their customers. Obviously, they wanted to know how to avoid this in the future.

This gave me the opportunity to discuss some important lessons I had learned from my own experiences of helping customers adopt cloud infrastructures over the past several years. First, if you only change the technology when building a cloud and keep the same processes you have for traditional virtualization today, you should expect the same results. In other words, if you don’t change the processes, procedures and methodology, you will have the same results when you are done: the same planned outages for updates, lagging technology updates and lack of communication between internal teams. Cloud technology requires a new way of thinking to take full advantage of all the benefits of cloud infrastructure.

The technology to perform infrastructure updates without downtime has existed for several years now. Most people using VMware vSphere are leveraging VMware vMotion, and some are even using VMware Storage vMotion. Both of these technologies are great for eliminating downtime associated with host and storage maintenance and upgrades; they can even be used to meet application Service Level Agreements (SLAs). Check out this YouTube video on vSphere Storage DRS. How about Cisco’s In-Service Software Upgrade (ISSU) for switch upgrades? Most vendors provide technologies to implement non-service-impacting upgrades to their infrastructure. So, if architected correctly, the technologies exist today across compute, hypervisor, storage arrays, networking and security to seamlessly upgrade components. So what’s the difficulty?

Even with some of the most aggressive operations teams in organizations, existing enterprise change control processes can quickly derail all efforts if the organization can’t adapt to the new ways of thinking. The key here is to document your processes very clearly and define your Service Level Agreements (SLAs) to your customers. If customers are consuming pure Infrastructure as a Service (IaaS), then what happens at the infrastructure layer has to be abstracted from the customer. Pre-approved change tickets can be an advantage here for customers planning for maintenance of the infrastructure cloud components.

How do you guarantee that changes won’t affect the production environment, and how do you test all the individual components? There are several options that already exist, one being relatively new. The traditional method involves building a separate lab infrastructure and testing the upgrades across all components. This testing can typically be very time consuming and still doesn’t guarantee compatibility. Companies offering Converged Infrastructure solutions, such as The Virtual Computing Environment Company (VCE) Vblock, Dell, Hewlett Packard (HP), and IBM, offer a simplified approach to patching and life cycle activities for their converged infrastructure. These companies test all of the updates together as a system and then release them as part of a tested bundled solution. It is true that at this point in time there is no one button to push that magically allows you to upgrade everything at once. However, this approach is a much better option than placing all the work on your operations team to test and certify before each update.

This, however, doesn’t eliminate the need for testing; it just reduces the amount of time and effort required for updating. It allows the teams to focus on what they are good at. These vendors are standardizing their release schedules and reducing the number of updates that are required. I suspect we are going to see a much more automated process in the near future from the Converged Infrastructure vendors.

In conclusion, I would suggest the following if you are looking to refine and enhance the life cycle management of your infrastructure:

Randy Becker.

Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation. Randy is also a HITRUST Certified CSF Practitioner (CCSFP) which ensures clients have access to the highest level of expertise related to privacy, security, compliance, and risk management.